Is there a way to force the browser to always pass the authorization header if the credentials are already available?

Question

Is there a way to force the browser to always pass the authorization header if the credentials are already available?

Using Basic Authentication, if the user is already signed in, the browser will include the username / password in the http request in subsequent http requests ONLY if it receives a 401 response containing an authentication request. The username / password is passed through the authorization header.

Is there a way to force the browser to always include the authorization header after the user logs in?

The reason I am asking this is because I have a CGI application (separate from the main CGI application that serves my dynamic pages) that should use authorization information if present, but should not ask for it if she is not present.

Thanks.

0

http http-headers cgi basic-authentication

green_t May 23 '09 @ 4:12 am

a source to share

2 answers

Curt J. Sampson · Answer 1 · 2009-05-23T05:23:25+0000

if the user is already logged in, the browser will include the username / password in the http request in subsequent http requests ONLY IF it receives a 401 response containing an authentication request

This is not the behavior I see in web browsers; after the browser has received the 401, it always includes authorization after that. Can you provide more details on how to reproduce the problem?

atr3id · Answer 2 · 2009-05-27T08:44:46+0000

One solution would be to expose a single handler for your CGI application that will generate an HTML page that will make an AJAX call requesting a 401 that the browser will then respond to. Would that make sense?

Is there a way to force the browser to always pass the authorization header if the credentials are already available?

More articles: